Skip to main content

Yahoo confirms massive data breach rumors

9/22/2016

After keeping mum about a potential far-reaching data breach, Yahoo has finally come clean.



The search engine company confirmed today that account information for approximately 500 million users was stolen from the company’s network in late 2014.



The hacker, which the company described as a “state-sponsored actor,” pilfered sensitive information, including poorly encrypted passwords, names, email addresses, telephone numbers, dates of birth, even encrypted or unencrypted security questions and answers. Conversely, the cyber-criminal did not steal “unprotected passwords, payment card data, or bank account information,” according to a statement from Yahoo. “Payment card data and bank account information are not stored in the affected system.”



Yahoo is currently notifying potentially affected users, and has taken steps to secure their accounts, including resetting passwords, and invalidating unencrypted security questions and answers. Yahoo has also alerted users to change their passwords, and monitor their accounts for suspicious activity.



The first sign of trouble surfaced over the summer, when infamous cybercriminal “Peace” advertised the sale of user credentials for approximately 200 million Yahoo users, according to an article on Recode. This heisted data reportedly compromised user names, some passwords and personal information, such as birth dates and email addresses.



At the time, Yahoo said it was “aware of the claim,” but declined to confirm if the attack was legitimate, Recode added.


X
This ad will auto-close in 10 seconds